Re: Packages and signatures
On Thu, Jan 18, 2001 at 11:48:10PM -0300, Nicolás Lichtmaier wrote:
> > The problem with signing packages is that you can't trust a computer
> > to do it for obvious reasons (like building/installation of packages
> > being done as root).
> Again with different words: A key used by "dinstall" (or whatever its name
> is now) will have the same degree of security/trust that packages that are
> now built with it.
A package that has been signed by a dinstall key would have a bit
more security - it verifies that the package has indeed passed the
dinstall process or someone has hacked the process.
In the latter case, we have a lot more to worry about than fake
signatures.
What matters is that a DNS-spoofed mirror with fake packages
would have unsigned packages.
Still, I think that the binaries should be signed by both
the maintainer and dinstall. So that the real paranoid
folk can start traveling around the world and gather
a web of trust to all packages they use x)
> It's sad that this misconception has prevented Debian from using signed
> packages for so long.
This is the Debian symptom. If we can't make a perfect solution,
we won't do a better than current solution.
--
Riku Voipio | riku.voipio@iki.fi |
kirkkonummentie 33 | +358 50 3313498 --+--
02140 Espoo | |
Facts do not cease to exist because they are ignored. |
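The dual-signature rule proposed in the message above (maintainer plus dinstall), as an added verification example that is not part of the original thread or of Debian's tooling: Ed25519 stands in for the OpenPGP keys a real archive would use, and the role names, the SHA-256 digest scheme and the sample package bytes are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Signer roles a verifier requires before it trusts a package (assumed names).
const (
	RoleMaintainer = "maintainer"
	RoleArchive    = "dinstall"
)

// Sign produces a detached signature over the SHA-256 digest of the package bytes.
func Sign(priv ed25519.PrivateKey, pkg []byte) []byte {
	digest := sha256.Sum256(pkg)
	return ed25519.Sign(priv, digest[:])
}

// VerifyDualSigned accepts a package only when BOTH the maintainer signature and
// the archive (dinstall) signature verify against the same package bytes. A package
// with only one signature, no signature, or modified contents is rejected.
func VerifyDualSigned(maintainerPub, archivePub ed25519.PublicKey, pkg []byte, sigs map[string][]byte) bool {
	digest := sha256.Sum256(pkg)
	required := map[string]ed25519.PublicKey{
		RoleMaintainer: maintainerPub,
		RoleArchive:    archivePub,
	}
	for role, pub := range required {
		sig, ok := sigs[role]
		if !ok || len(sig) != ed25519.SignatureSize || !ed25519.Verify(pub, digest[:], sig) {
			return false
		}
	}
	return true
}

func main() {
	mPub, mPriv, _ := ed25519.GenerateKey(rand.Reader)           // maintainer key pair
	aPub, aPriv, _ := ed25519.GenerateKey(rand.Reader)           // archive (dinstall) key pair
	pkg := []byte("constructed sample package contents")          // constructed input, not a real .deb
	sigs := map[string][]byte{RoleMaintainer: Sign(mPriv, pkg)}
	fmt.Println("maintainer only:", VerifyDualSigned(mPub, aPub, pkg, sigs)) // false
	sigs[RoleArchive] = Sign(aPriv, pkg)
	fmt.Println("both signed:", VerifyDualSigned(mPub, aPub, pkg, sigs)) // true
	fmt.Println("tampered:", VerifyDualSigned(mPub, aPub, append(pkg, '!'), sigs)) // false
}
```

A mirror that serves unsigned or single-signed packages fails this check regardless of where DNS pointed the client.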